main/jasper: security fix CVE-2017-1000050. Fixes #7572

1 files changed, 10 insertions, 4 deletions

diff --git a/main/jasper/APKBUILD b/main/jasper/APKBUILD
index 828885f809..3c4cfe45fd 100644
--- a/main/jasper/APKBUILD
+++ b/main/jasper/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=jasper
 pkgver=2.0.12
-pkgrel=0
+pkgrel=1
 pkgdesc="A software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard"
 url="http://www.ece.uvic.ca/~mdadams/jasper/"
 arch="all"
@@ -9,10 +9,15 @@ license="custom:JasPer2.0"
 depends=  #"libjpeg>=8 freeglut libxi libxmu mesa"
 makedepends="libjpeg-turbo-dev cmake"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
-source="http://www.ece.uvic.ca/~frodo/jasper/software/jasper-$pkgver.tar.gz"
-
+source="http://www.ece.uvic.ca/~frodo/jasper/software/jasper-$pkgver.tar.gz
+	CVE-2017-1000050.patch
+	"
 builddir="$srcdir"/$pkgname-$pkgver
 
+# secfixes:
+#   2.0.12-r1:
+#     - CVE-2017-1000050
+
 build () {
 	mkdir "$builddir"/obj
 	cd "$builddir"/obj
@@ -35,4 +40,5 @@ libs() {
 	mv "$pkgdir"/usr/lib "$subpkgdir"/usr
 }
 
-sha512sums="3b0f5a5640838b328d989a80461a23ca8ac98af054a7f15c13a543e769c98bb632b74114923c02c3b2de76747187747aec6e18a2cf14035a8d79eb3482fd553b  jasper-2.0.12.tar.gz"
+sha512sums="3b0f5a5640838b328d989a80461a23ca8ac98af054a7f15c13a543e769c98bb632b74114923c02c3b2de76747187747aec6e18a2cf14035a8d79eb3482fd553b  jasper-2.0.12.tar.gz
+2851d1cd7ed372cde5f9d6d6610e2c5507f5a8d571b1db9fc9afce64a1b35a78776d547b8281da770ab4d2f20c2e87cde989a16c17017c80ab12eedd8164cbb8  CVE-2017-1000050.patch"